Force DD-WRT to use OpenDNS Servers for DNS Queries

In one of my recent articles, I explained how I set up a guest wireless network for our workplace (after getting it to work with the right wireless channel :))

After configuring the guest access point, I pointed its DNS servers at OpenDNS to provide a safer and faster DNS service (compared to the default DNS servers our ISP provides) and to choose which websites are allowed on the network.
For example, bandwidth-hogging websites (Media/Video Sharing) and other websites that could potentially be used for illicit purposes (P2P/File Sharing) are forbidden on the network.

However, without any firewall rules on the router itself, a guest on the network could still change the DNS settings on their wireless adapter to point to any other DNS server, effectively bypassing all OpenDNS filters on the network for that specific client.

Luckily, DD-WRT is a Linux-powered firmware that comes with many useful features, including flexible firewall rules through iptables.

This article assumes you already have OpenDNS set up on a DD-WRT powered router, but the same approach should also work with any Linux-powered router.

  1. Go to the Administration tab on your DD-WRT gateway page.
  2. Click on the Commands tab.
  3. In the Commands box, enter the following, then click Save Firewall.

# Redirect UDP DNS queries arriving on the LAN bridge (br0) to the router's own LAN address
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
# Same for DNS over TCP (used for large responses and zone transfers)
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to $(nvram get lan_ipaddr)

There you have it. All DNS queries on TCP and UDP port 53 are now intercepted by the iptables rules and forced through the DNS servers configured on the router, regardless of which resolver a client has set on its adapter.
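To confirm the redirect is actually in place after a reboot (Save Firewall stores the commands so they are re-applied at start-up, but a typo leaves a silent gap), the following added helper script (not from the original article) generates the two rules for a given interface and router address, and checks the output of `iptables -t nat -S PREROUTING` for both the UDP and TCP rules. The interface `br0` and the address `192.168.1.1` are assumed sample values; the rule listing at the bottom is constructed to mimic real `iptables -S` output.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Assumed values: LAN bridge "br0", router LAN address "192.168.1.1".

# Print the two PREROUTING DNAT rules for interface $1 and router address $2,
# in the same form as the Commands box in the article.
dns_redirect_rules() {
    iface="$1"; lan_ip="$2"
    for proto in udp tcp; do
        printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport 53 -j DNAT --to %s\n' \
            "$iface" "$proto" "$lan_ip"
    done
}

# Read "iptables -t nat -S PREROUTING" output from stdin and succeed (exit 0)
# only if BOTH the UDP and the TCP port-53 DNAT rules for interface $1
# pointing at $2 are present. iptables lists "--to" as "--to-destination"
# and inserts "-m udp"/"-m tcp", so the patterns allow text in between.
verify_dns_redirect() {
    iface="$1"; lan_ip="$2"; found=0
    while read -r line; do
        case "$line" in
            *"-i $iface "*"-p udp "*"--dport 53 "*"-j DNAT --to-destination $lan_ip")
                found=$((found | 1)) ;;   # bit 0: UDP rule seen
            *"-i $iface "*"-p tcp "*"--dport 53 "*"-j DNAT --to-destination $lan_ip")
                found=$((found | 2)) ;;   # bit 1: TCP rule seen
        esac
    done
    [ "$found" -eq 3 ]
}

# Constructed sample listings (what "iptables -t nat -S PREROUTING" prints).
SAMPLE_OK='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1'
SAMPLE_MISSING_TCP='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1'

# Usage on the router itself:
#   iptables -t nat -S PREROUTING | verify_dns_redirect br0 "$(nvram get lan_ipaddr)" \
#       && echo "DNS redirect active" || echo "DNS redirect MISSING"
```

On a real DD-WRT box replace the constructed listing with the live `iptables -t nat -S PREROUTING` output as shown in the usage comment; a failing check after a reboot means the saved firewall commands did not apply.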